Export limit exceeded: 338254 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (338254 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-0526 | 1 Cxbsoft | 1 Url-shorting | 2025-06-17 | 5.5 Medium |
| A vulnerability classified as critical was found in CXBSoft Url-shorting up to 1.3.1. This vulnerability affects unknown code of the file /pages/short_to_long.php of the component HTTP POST Request Handler. The manipulation of the argument shorturl leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250696. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-49619 | 2025-06-17 | 8.5 High | ||
| Skyvern through 0.1.85 is vulnerable to server-side template injection (SSTI) in the Prompt field of workflow blocks such as the Navigation v2 Block. Improper sanitization of Jinja2 template input allows authenticated users to inject crafted expressions that are evaluated on the server, leading to blind remote code execution (RCE). | ||||
| CVE-2023-7125 | 1 Peepso | 1 Peepso | 2025-06-17 | 4.3 Medium |
| The Community by PeepSo WordPress plugin before 6.3.1.2 does not have CSRF check when creating a user post (visible on their wall in their profile page), which could allow attackers to make logged in users perform such action via a CSRF attack | ||||
| CVE-2023-51949 | 1 Verydows | 1 Verydows | 2025-06-17 | 8.8 High |
| Verydows v2.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /protected/controller/backend/role_controller | ||||
| CVE-2023-44117 | 1 Huawei | 2 Emui, Harmonyos | 2025-06-17 | 7.5 High |
| Vulnerability of trust relationships being inaccurate in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2023-5253 | 1 Nozominetworks | 2 Cmc, Guardian | 2025-06-17 | 5.3 Medium |
| A missing authentication check in the WebSocket channel used for the Check Point IoT integration in Nozomi Networks Guardian and CMC, may allow an unauthenticated attacker to obtain assets data without authentication. Malicious unauthenticated users with knowledge on the underlying system may be able to extract limited asset information. | ||||
| CVE-2023-50729 | 1 Traccar | 1 Traccar | 2025-06-17 | 8.5 High |
| Traccar is an open source GPS tracking system. Prior to 5.11, Traccar is affected by an unrestricted file upload vulnerability in File feature allows attackers to execute arbitrary code on the server. This vulnerability is more prevalent because Traccar is recommended to run web servers as root user. It is also more dangerous because it can write or overwrite files in arbitrary locations. Version 5.11 was published to fix this vulnerability. | ||||
| CVE-2023-48383 | 1 Netvision | 1 Airpass | 2025-06-17 | 7.5 High |
| NetVision Information airPASS has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files. | ||||
| CVE-2023-42137 | 1 Paxtechnology | 9 A50, A6650, A77 and 6 more | 2025-06-17 | 7.8 High |
| PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow for command execution with high privileges by using malicious symlinks. The attacker must have shell access to the device in order to exploit this vulnerability. | ||||
| CVE-2023-42135 | 1 Paxtechnology | 3 A50, A920 Pro, Paydroid | 2025-06-17 | 6.8 Medium |
| PAX A920Pro/A50 devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow local code execution via parameter injection by bypassing the input validation when flashing a specific partition. The attacker must have physical USB access to the device in order to exploit this vulnerability. | ||||
| CVE-2023-42134 | 1 Paxtechnology | 3 A50, A920 Pro, Paydroid | 2025-06-17 | 6.8 Medium |
| PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.45_20230314 or earlier can allow the signed partition overwrite and subsequently local code execution via hidden command. The attacker must have physical USB access to the device in order to exploit this vulnerability. | ||||
| CVE-2024-0523 | 1 Cmseasy | 1 Cmseasy | 2025-06-17 | 6.3 Medium |
| A vulnerability was found in CmsEasy up to 7.7.7. It has been declared as critical. Affected by this vulnerability is the function getslide_child_action in the library lib/admin/language_admin.php. The manipulation of the argument sid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250693 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-21640 | 1 Chromiumembedded | 1 Chromium Embedded Framework | 2025-06-17 | 5.4 Medium |
| Chromium Embedded Framework (CEF) is a simple framework for embedding Chromium-based browsers in other applications.`CefVideoConsumerOSR::OnFrameCaptured` does not check `pixel_format` properly, which leads to out-of-bounds read out of the sandbox. This vulnerability was patched in commit 1f55d2e. | ||||
| CVE-2024-0501 | 1 Oretnom23 | 1 House Rental Management System | 2025-06-17 | 2.4 Low |
| A vulnerability has been found in SourceCodester House Rental Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Manage Invoice Details. The manipulation of the argument Invoice leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250609 was assigned to this vulnerability. | ||||
| CVE-2024-0489 | 1 Code-projects | 1 Fighting Cock Information System | 2025-06-17 | 6.3 Medium |
| A vulnerability was found in code-projects Fighting Cock Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/action/edit_chicken.php. The manipulation of the argument ref leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250594 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-0486 | 1 Code-projects | 1 Fighting Cock Information System | 2025-06-17 | 6.3 Medium |
| A vulnerability has been found in code-projects Fighting Cock Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/action/add_con.php. The manipulation of the argument chicken leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250591. | ||||
| CVE-2024-0479 | 1 Jifeer | 1 Taokeyun | 2025-06-17 | 7.3 High |
| A vulnerability was found in Taokeyun up to 1.0.5. It has been classified as critical. Affected is the function login of the file application/index/controller/m/User.php of the component HTTP POST Request Handler. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250584. | ||||
| CVE-2024-0475 | 1 Code-projects | 1 Dormitory Management System | 2025-06-17 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in code-projects Dormitory Management System 1.0. Affected by this issue is some unknown functionality of the file modifyuser.php. The manipulation of the argument user_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250580. | ||||
| CVE-2024-22137 | 1 Mailmunch | 1 Constant Contact Forms | 2025-06-17 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MailMunch Constant Contact Forms by MailMunch allows Stored XSS.This issue affects Constant Contact Forms by MailMunch: from n/a through 2.0.11. | ||||
| CVE-2024-21617 | 1 Juniper | 1 Junos | 2025-06-17 | 6.5 Medium |
| An Incomplete Cleanup vulnerability in Nonstop active routing (NSR) component of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause memory leak leading to Denial of Service (DoS). On all Junos OS platforms, when NSR is enabled, a BGP flap will cause memory leak. A manual reboot of the system will restore the services. Note: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability. The memory usage can be monitored using the below commands. user@host> show chassis routing-engine no-forwarding user@host> show system memory | no-more This issue affects: Juniper Networks Junos OS * 21.2 versions earlier than 21.2R3-S5; * 21.3 versions earlier than 21.3R3-S4; * 21.4 versions earlier than 21.4R3-S4; * 22.1 versions earlier than 22.1R3-S2; * 22.2 versions earlier than 22.2R3-S2; * 22.3 versions earlier than 22.3R2-S1, 22.3R3; * 22.4 versions earlier than 22.4R1-S2, 22.4R2. This issue does not affect Junos OS versions earlier than 20.4R3-S7. | ||||